Posted to notifications@apisix.apache.org by sp...@apache.org on 2020/10/26 12:26:21 UTC

[apisix] branch master updated: change(jwt-auth): split schema to adapt different occasions (#2459)

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 9500a82  change(jwt-auth): split schema to adapt different occasions (#2459)
9500a82 is described below

commit 9500a8219aab57ca80da5e717470f2062403eadd
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Mon Oct 26 20:26:11 2020 +0800

    change(jwt-auth): split schema to adapt different occasions (#2459)
    
    Close #2288.
---
 apisix/plugins/jwt-auth.lua | 32 +++++++++++++++-----
 t/plugin/jwt-auth.t         | 73 ++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 93 insertions(+), 12 deletions(-)

diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 054d393..a594e6f 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -31,6 +31,13 @@ local plugin_name = "jwt-auth"
 
 local schema = {
     type = "object",
+    additionalProperties = false,
+    properties = {},
+}
+
+local consumer_schema = {
+    type = "object",
+    additionalProperties = false,
     properties = {
         key = {type = "string"},
         secret = {type = "string"},
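Review bot: `secret = {type = "string"}` in `consumer_schema` accepts an empty string. Because `""` is truthy in Lua, the `if not conf.secret then` fallback in `check_schema` (third hunk of this file) will not replace it with the random 32-byte value, so a consumer can be stored with an empty secret for what looks like the HS256 signing key. A lower bound in the schema would reject that at configuration time, e.g. `secret = {type = "string", minLength = 1}`, or a larger minimum if the project agrees on one. The `consumer_schema` table continues past the end of this hunk.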
@@ -44,7 +51,8 @@ local schema = {
             type = "boolean",
             default = false
         }
-    }
+    },
+    required = {"key"},
 }
 
 
@@ -75,20 +83,28 @@ do
 end -- do
 
 
-function _M.check_schema(conf)
+function _M.check_schema(conf, schema_type)
     core.log.info("input conf: ", core.json.delay_encode(conf))
 
-    local ok, err = core.schema.check(schema, conf)
+    local ok, err
+    if schema_type == core.schema.TYPE_CONSUMER then
+        ok, err = core.schema.check(consumer_schema, conf)
+    else
+        ok, err = core.schema.check(schema, conf)
+    end
+
     if not ok then
         return false, err
     end
 
-    if not conf.secret then
-        conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
-    end
+    if schema_type == core.schema.TYPE_CONSUMER then
+        if not conf.secret then
+            conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
+        end
 
-    if not conf.exp then
-        conf.exp = 60 * 60 * 24
+        if not conf.exp then
+            conf.exp = 60 * 60 * 24
+        end
     end
 
     return true
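Review bot: `core.log.info("input conf: ", core.json.delay_encode(conf))` at the top of `check_schema` still runs before the consumer branch, so an operator-supplied `secret` is serialized into the log whenever info-level logging is on. I would skip the dump when `schema_type == core.schema.TYPE_CONSUMER`, or log the conf with `secret` masked. Separately, the function fills `conf.secret` and `conf.exp` into the caller's table, which deserves a comment such as `-- NOTE: mutates conf to fill in consumer defaults`. The function's closing `end` is outside this hunk.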
diff --git a/t/plugin/jwt-auth.t b/t/plugin/jwt-auth.t
index c940135..0a041b0 100644
--- a/t/plugin/jwt-auth.t
+++ b/t/plugin/jwt-auth.t
@@ -29,9 +29,10 @@ __DATA__
     location /t {
         content_by_lua_block {
             local plugin = require("apisix.plugins.jwt-auth")
-            local conf = {}
+            local core = require("apisix.core")
+            local conf = {key = "123"}
 
-            local ok, err = plugin.check_schema(conf)
+            local ok, err = plugin.check_schema(conf, core.schema.TYPE_CONSUMER)
             if not ok then
                 ngx.say(err)
             end
@@ -42,7 +43,7 @@ __DATA__
 --- request
 GET /t
 --- response_body_like eval
-qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","exp":86400}/
+qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","key":"123","exp":86400}/
 --- no_error_log
 [error]
 
@@ -52,8 +53,9 @@ qr/{"algorithm":"HS256","secret":"[a-zA-Z0-9+\\\/]+={0,2}","exp":86400}/
 --- config
     location /t {
         content_by_lua_block {
+            local core = require("apisix.core")
             local plugin = require("apisix.plugins.jwt-auth")
-            local ok, err = plugin.check_schema({key = 123})
+            local ok, err = plugin.check_schema({key = 123}, core.schema.TYPE_CONSUMER)
             if not ok then
                 ngx.say(err)
             end
@@ -454,3 +456,66 @@ Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtle
 hello world
 --- no_error_log
 [error]
+
+
+
+=== TEST 23: without key
+--- config
+    location /t {
+        content_by_lua_block {
+            local core = require("apisix.core")
+            local plugin = require("apisix.plugins.jwt-auth")
+            local ok, err = plugin.check_schema({}, core.schema.TYPE_CONSUMER)
+            if not ok then
+                ngx.say(err)
+                return
+            end
+
+            ngx.say("done")
+        }
+    }
+--- request
+GET /t
+--- response_body
+property "key" is required
+--- no_error_log
+[error]
+
+
+
+=== TEST 24: enable jwt auth plugin with extra field
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "jwt-auth": {
+                            "key": "123"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like
+\{"error_msg":"failed to check the configuration of plugin jwt-auth err: additional properties forbidden, found key"\}
+--- no_error_log
+[error]
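Review bot: Nothing in the added cases exercises `additionalProperties = false` on `consumer_schema` itself; TEST 23 covers a missing `key` and TEST 24 covers a route carrying consumer fields. A case calling `plugin.check_schema({key = "123", unknown = "x"}, core.schema.TYPE_CONSUMER)` and expecting an error would pin that down. TEST 24's title, `enable jwt auth plugin with extra field`, also reads like a success case although it asserts a 400; `reject consumer fields on a route` would say what it checks. Earlier tests in the file are outside this hunk, so the consumer case may already be covered there.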